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Amendments to the Claims: 

This listing of Claims will replace all prior versions, and listings, of claims in the 
application: 

1. (Currently Amended) An Application Gateway Module suitable for 
use in a telecommunication system wherein a service network authenticates a user 
and authorizes the user for accessing a service offered by a service provider, the 
Application Gateway Module arranged for intercepting application messages between 
the user and the service and for identifying said user and said service, and including: 

means for obtaining an authorization decision on whether the user is allowed to 
access the service; 

the Application Gateway Module comprising: 

means for assigning a service session identifier intended to identify those 
application messages exchanged between the user and the service and that belong to a 
same service delivery authorized for said user; 

means for configuring a first finite-state machine with a number of statuses 
intended to identify specific events in service delivery, the first finite state machine 
configured to control service progression 

means for initiating a specific instance of the first finite-state machine, said 
specific instance being identified by the assigned service session identifier; and 

means for activating service policies applicable to said specific events and 
resulting in a state transition in the specific instance identified by the assigned service 
session identifier. 

2. (Canceled) 

3. (Previously Presented) The Application Gateway Module of claim 1 , 
wherein the means for activating service policies include means for setting at least one 
element selected from a non-exhaustive list of references and attributes that comprises: 

a number of message field values to match, a number of specific actions to carry 
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out on matching, a number of timer values to run, and a number of transactions to 
supervise, 

4. (Previously Presented) The Application Gateway Module of claim 1 , 
wherein the means for activating service policies include means for activating a global 
service policy independently of any service delivery in progress. 

5. (Previously Presented) The Application Gateway Module of claim 1 , 
wherein the means for activating service policies include means for initiating an 
instance of a global service policy to apply as an individual service policy within a 
specific instance of the first finite-state machine, the individual service policy inheriting 
references and attributes from the global service policy. 

6. (Previously Presented) The Application Gateway Module of claim 5, 
further comprising means for ovenA^riting references and attributes of an individual 
service policy with new references and attributes during a service progression handled 
within a specific instance of the first finite- state machine. 

7. (Previously Presented) The Application Gateway Module of claim 5, 
wherein a particular state is associated with a number of individual service policies 
within a specific instance of the first finite-state machine, said instance identified by a 
given service session identifier. 

8. (Currently Amended) The Application Gateway Module of claim [[2]] 
1, wherein the means for obtaining an authorization decision include means for 
requesting a service authorization from an Authorization Module. 

9. (Previously Presented) The Application Gateway Module of claim 8. 
wherein the means for activating service policies include means for receiving from the 
Authorization Module at least one element applicable to set a service policy, the 
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element selected from a non-exhaustive list of references and attributes that comprises: 
a number of message field values to match, a number of specific actions to carry out on 
matching, a number of timer values to run, and a number of transactions to supervise. 

10. (Previously Presented) The Application Gateway Module of claim 8, 
wherein the means for activating service policies includes means for receiving a global 
service policy from the Authorization Module. 

11. (Previously Presented) The Application Gateway Module of claim 8, 
further comprising means for receiving references and attributes from the Authorization 
Module applicable to overwrite an individual service policy with new references and 
attributes during a service progression handled within a specific instance of the first 
finite-state machine. 

12. (Previously Presented) The Application Gateway Module of claim 8, 
further comprising means for notifying to the Authorization Module a specific event in 
service progression. 

13. (Previously Presented) The Application Gateway Module of claim 8, 
further comprising means for requesting from the Authorization Module a further 
processing to determine an appropriate action to go on with the service progression. 

14. (Previously Presented) The Application Gateway Module of claim 13, 
further comprising means for receiving from the Authorization Module an instruction 
selected from: access granted without restriction, another service to substitute a 
previous service requested, forced logout, and indication of a state transition. 

15. (Currently Amended) An Authorization Module suitable for use in a 
telecommunication system wherein a service network authenticates a user and 
authorizes the user for accessing a service offered by a service provider, the 
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Authorization Module arranged for deciding whether a user is allowed to access a 
service and having: 

means for receiving a service authorization request from an Application Gateway 
Module; and 

means for retuming to the Application Gateway Module a response on whether 
the user is granted access to the requested service; 
the Authorization Module comprising : 

means for generating a service session identifier intended to correlate those 
application messages exchanged between the user and the service and that belong to a 
same service delivery authorized for said user; 

means for configuring a second finite-state machine with a number of statuses 
intended to identify specific events in service progression, the second finite-state 
machine usable by the Authorization Module to act over the Application Gateway 
Module to control the service progression; 

means for initiating a specific instance of the second finite-state machine, said 
specific instance being identified by said service session identifier; and 

means for determining service policies applicable to said specific events and 
resulting in a state transition in the specific instance identified by the assigned service 
session identifier. 

16. (Previously Presented) The Authorization Module of claim 15, wherein 
the means for generating a service session identifier comprise means for including said 
service session identifier in the response to be returned to the Application Gateway 
Module on whether the user is granted access to the requested service. 

17. (Canceled) 

18. (Previously Presented) The Authorization Module of claim 15, wherein 
a particular state is associated with a number of service policies within a specific 
instance of the second finite- state machine, said instance identified by a given service 
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session identifier. 

19. (Previously Presented) The Authorization Module of claim 15, wherein 
the means for determining service policies comprise means for including in the 
response towards the Application. Gateway Module at least one information element to 
activate a service policy within a specific state in the Application Gateway Module, said 
at least one information element selected from a non-exhaustive list of references and 
attributes that comprises: 

- a number of message field values to match; 

- a set of actions to carry out on matching a given message field value ; 

- a number of new timer values to run; and 

- a number of transactions to supervise. 

20. (Previously Presented) The Authorization Module of claim 19, wherein 
the means for including in the response towards the Application Gateway Module at 
least one information element to activate a service policy include means for indicating 
that this is a global service policy to apply independently of any service delivery in 
progress. 

21. (Currently Amended) The Authorization Module of claim 16. further 
comprising means for receiving a notification, from an Application Gateway Module^, 
indicating a specific event detected in service progression. 

22. (Previously Presented) The Authorization Module of claim 16, further 
comprising means for receiving a request, from an Application Gateway Module, asking 
for an instruction to proceed with a service progression. 

23. (Previously Presented) The Authorization Module of claim 22, further 
comprising means for sending towards the Application Gateway Module an instruction 
selected from: access granted without restriction, another service to substitute a 
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previous service requested, forced logout, and indication of a state transition. 

24. (Previously Presented) The Authorization Module of claim 16, further 
comprising means for receiving an application message from at least one entity 
selected from a number of application servers and provisioning systems, the 
application message including a given service session identifier intended to identify a 
specific instance of the second finite-state machine in the Authorization Module. 

25. (Currently Amended) A method for authorizing a user of a service 
network to access a service offered by a service server of a service provider, the user 
already authenticated by the service network, the server arranged to deliver a service 
that comprises a plurality of transactions by exchanging a plurality of application 
messages with the user, the method comprising the steps of: 

obtaining a first authorization decision on whether the user is allowed to access 
the service; 

generating and assigning a service session identifier intended to identify those 
application messages exchanged between the user and the service and that belong to a 
same service delivery authorized for said user; 

configuring at least one finite-state machine with a number of statuses intended 
to identify specific events in service delivery, the finite-state machine usable for 
controlling service progression 

initiating a specific instance of the at least one finite-state machine, said specific 
instance being identified by the assigned service session identifier; and 

activating service policies applicable to said specific events and resulting in a 
state transition in the specific instance identified by the assigned service session 
identifier. 

26. (Canceled) 

27. (Previously Presented) The method of claim 25, wherein a particular 
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State within the specific instance of the at least one finite-state machine is associated 
with a number of service policies. 

28. (Previously Presented) The method of claim 25, wherein the step of 
activating service policies includes a step of setting at least one element selected from a 
non-exhaustive list of references and attributes that comprises: a number of message 
field values to match, a number of specific actions to carry out on matching, a number of 
timer values to run, and a number of transactions to supervise. 

29. (Previously Presented) The method of claim 25, further comprising a 
step of receiving at the service network an application message originated at an entity 
selected from: a number of service servers of a service provider and a number of 
entities of a provisioning system, the application message including a given service 
session identifier intended to identify a specific instance of the at least one finite-state 
machine. 

30. (Previously Presented) The method of claim 25. wherein the step of 
configuring at least one finite-state machine further comprises configuring a first finite- 
state machine in an Application Gateway Module and configuring a second finite-state 
machine in an Authorization Module. 

31. (New) An Application Gateway Module suitable for use in a 
telecommunication system wherein a service network authenticates a user and 
authorizes the user for accessing a service offered by a service provider, the Application 
Gateway Module arranged for intercepting application messages between the user and 
the service and for identifying said user and said service, the Application Gateway 
Module comprising: 

means for obtaining an authorization decision on whether the user is allowed to 
access the service; 
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means for assigning a service session identifier intended to identify those 
application messages exchanged between the user and the service and that belong to a 
same service delivery authorized for said user; 

means for configuring a first finite-state machine with a number of statuses 
intended to identify specific events in service delivery, the first finite state machine 
configured to control service progression from a null state, a service authorization state, 
an active service state, and a disconnect service state; and 

means for activating service policies applicable to said specific events and 
resulting in a state transition in the first finite-state machine, the activating means further 
comprising: 

means for statically arming at least one of the service policies before 
arrival of a first message to invoke the service; and 

means for dynamically arming at least one of the service policies during 
the progression of the service. 
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